
wifite.py + reaver to retrieve WPA2 pass phrase

I am running these tools against my home network.

I am running first wifite.py (http://www.backtrack-linux.org/forum...ad.php?t=48161) and then reaver.
I know wifite.py is very capable of cracking WPS-enabled APs. However, this time it cracked the correct WPS PIN but not the passphrase. Hence I ran reaver to crack the passphrase. I ran it 4 times and every time it retrieved a different passphrase, and none of them are correct. Please see the detailed output below.

Hey, thanks. I think I have moved on from wifite.py (great tool really). This now pertains only to the Reaver tool. The question is: for the same WPS PIN, why does Reaver crack different passphrases (none of them work, by the way)?

Re: wifite.py + reaver to retrieve WPA2 pass phrase

If the PIN is correct, you can use wpa_supplicant and wpa_cli to authenticate to the router, and then read the PSK either from the router config page or wpa_supplicant.conf. There is info on how to do this in the Reaver googlecode issues section. Reaver often gives me the PIN but not the PSK, and I can confirm this method works.

Re: wifite.py + reaver to retrieve WPA2 pass phrase

Originally Posted by VulpiArgenti

If the PIN is correct, you can use wpa_supplicant and wpa_cli to authenticate to the router, and then read the PSK either from the router config page or wpa_supplicant.conf. There is info on how to do this in the Reaver googlecode issues section. Reaver often gives me the PIN but not the PSK, and I can confirm this method works.

First of all, thanks a lot to VulpiArgenti. Let me first warn the readers that this is going to be a long message.

I am still not able to successfully retrieve the passphrase, though I know this method works as I have tested it with other routers.

You should see an "OK". Wait a few more seconds as wpa_supplicant picks up the BSSID
and tries to associate and perform key negotiation. What you want to see is
"CTRL-EVENT-CONNECTED", which will indicate that the PIN was accepted and that you're
now associated.

At this point, if you were to exit wpa_cli, you could run dhclient on wlan0
and would be offered an IP from the AP, assuming DHCPd were enabled.

Go ahead and type the command 'save' at wpa_cli terminal, which should output another "OK".
This will update the wpa_supplicant.conf file, as specified from the command line,
with a static configuration for this new network.

Verify by: cat /etc/wpa_supplicant.conf

If all went well, you should have a line under this new network titled 'psk'.
That is the SSID passphrase.
___________

Now here is my output of the events:

I created the wpa_supplicant.conf and then started wpa_supplicant in daemon mode in one terminal.

Then I opened another terminal and started wpa_cli.
Please see the output of these two terminals:

Re: wifite.py + reaver to retrieve WPA2 pass phrase

CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys

This suggests the PIN is wrong, or the AP is locked, or wpa_cli is not configured correctly (for your router).

You could look at further commands to wpa_cli, e.g. increase the debugging level, force reassociation (see man), and also run wpa_supplicant with the debug flag (-dd). Could also attempt to reconfigure the router with wpa_supplicant?? That's the limit of my knowledge, I'm afraid.

Re: wifite.py + reaver to retrieve WPA2 pass phrase

Just to clarify, there seems to be some confusion between the passphrase and the pre-shared key (PSK) here.

The passphrase is what you configure on your router/AP. Similar to a password, and (relatively) easy to remember. Your router/AP does not use this for encryption. The actual key (PSK) is calculated by applying a key-derivation function which is salted with the router's SSID.

VulpiArgenti's post above sounds about right. I was messing about with my own network settings yesterday, configuring network settings without using either network manager or WICD. I ran into the same issue with the disconnect event a number of times. It seems that there are a few different ways of configuring the wpa_supplicant.conf file, and that the network can be a bit fussy about that.
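The passphrase/PSK distinction in the last post is the standard WPA/WPA2 derivation: PSK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits). It also explains the 'psk' line from the quoted wpa_supplicant.conf instructions, which can hold either a quoted passphrase or the raw 64-hex PSK. Below is an added example, not code from any poster or from Reaver or wpa_supplicant, that derives the PSK (checked against the IEEE 802.11 Annex test vector for passphrase "password" and SSID "IEEE"), parses a psk= line, and checks whether such a line matches a given passphrase for a given SSID; the function names and the regex are my own assumptions.

```python
import hashlib
import re

# IEEE 802.11i PSK derivation parameters (standard values).
WPA_PBKDF2_ITERATIONS = 4096
WPA_PSK_LEN = 32  # 256-bit key


def passphrase_to_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 PSK from a passphrase, salted with the SSID."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    if not (1 <= len(ssid.encode()) <= 32):
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA_PBKDF2_ITERATIONS, WPA_PSK_LEN)


# A wpa_supplicant.conf psk= line is either psk="quoted passphrase" or psk=<64 hex digits>.
# (Hypothetical regex written for this example.)
PSK_LINE = re.compile(r'^\s*psk=(?:"(?P<pw>[^"]*)"|(?P<hex>[0-9a-fA-F]{64}))\s*$')


def classify_psk_line(line: str) -> tuple:
    """Return ("passphrase", value) or ("psk_hex", lowercase hex) for a psk= line."""
    m = PSK_LINE.match(line)
    if not m:
        raise ValueError("not a valid psk= line")
    if m.group("pw") is not None:
        return ("passphrase", m.group("pw"))
    return ("psk_hex", m.group("hex").lower())


def psk_line_matches(line: str, ssid: str, candidate_passphrase: str) -> bool:
    """True if the psk= line corresponds to candidate_passphrase on network `ssid`.

    A raw hex psk only matches when re-deriving from the candidate gives the same key,
    which is why the same hex psk will never verify against a different SSID.
    """
    kind, value = classify_psk_line(line)
    if kind == "passphrase":
        return value == candidate_passphrase
    return value == passphrase_to_psk(candidate_passphrase, ssid).hex()


if __name__ == "__main__":
    print(passphrase_to_psk("password", "IEEE").hex())
    print(classify_psk_line('psk="password"'))
```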